Threat Modeling
A structured approach to identifying, categorizing, and prioritizing potential security threats to a system or application by systematically analyzing its architecture, data flows, and trust boundaries to determine where vulnerabilities might be exploited.
Threat modeling is a proactive security practice that helps organizations identify potential threats and vulnerabilities before they are exploited. The process involves decomposing a system into its components, identifying the assets worth protecting, mapping data flows and trust boundaries, identifying potential threats (who might attack, how, and why), and prioritizing those threats based on their likelihood and potential impact. Common methodologies include STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege), PASTA (Process for Attack Simulation and Threat Analysis), and attack trees.
Threat modeling supports compliance objectives across multiple frameworks. ISO 27001 Clause 6.1.2 requires organizations to identify information security risks, considering threats and vulnerabilities — threat modeling provides a systematic methodology for doing so. SOC 2's risk assessment requirements are enhanced when organizations can demonstrate a structured approach to identifying threats relevant to their trust services criteria. NIS2 requires essential entities to adopt risk-based cybersecurity measures, and threat modeling helps ensure that those measures address the most relevant threats. In technology due diligence, evidence of threat modeling demonstrates that an organization proactively considers security rather than simply reacting to incidents.
Threat modeling is most effective when integrated into the software development lifecycle. Ideally, it is performed during the design phase of new features or systems, revisited when significant architectural changes occur, and updated as the threat landscape evolves. Development teams should be trained to perform basic threat modeling, with security specialists involved for high-risk or complex systems. The output of a threat modeling exercise — an enumerated list of threats with risk ratings and recommended mitigations — feeds directly into security requirements, architecture decisions, and the risk register. Organizations should maintain threat models as living documents, reviewing and updating them regularly as systems evolve and new threats emerge.
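The process described above (decompose the system into elements, map data flows and trust boundaries, enumerate STRIDE threats, rate them by likelihood and impact, and hand the result to the risk register) is illustrated by the following added example. It is not part of the original page and is not a tool from any particular vendor; the element kinds, the STRIDE-per-element applicability table, the likelihood heuristic, the generic mitigations, and the toy browser/API/database system are all assumptions made for the example.

```python
from dataclasses import dataclass

# STRIDE category codes (named on the page) mapped to their full names.
STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information Disclosure", "D": "Denial of Service",
    "E": "Elevation of Privilege",
}

# Which STRIDE categories apply to which element kind. This follows the
# common "STRIDE-per-element" convention and is an assumption of this example.
APPLICABLE = {"external": "SR", "process": "STRIDE", "datastore": "TRID", "dataflow": "TID"}

# Generic recommended mitigation per category (assumption; a real model names
# the specific control chosen for each threat).
MITIGATION = {
    "S": "strong authentication of the principal (mTLS, signed tokens)",
    "T": "integrity protection (signatures, MACs, input validation)",
    "R": "tamper-evident audit logging of security-relevant actions",
    "I": "encryption in transit and at rest, least-privilege data access",
    "D": "rate limiting, quotas and resource isolation",
    "E": "least privilege, authorization checks on every request",
}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str     # "external", "process" or "datastore"
    zone: str     # trust zone; a flow between two different zones crosses a boundary
    impact: int   # value of the asset, 1 (low) to 5 (critical)


@dataclass(frozen=True)
class Flow:
    src: Element
    dst: Element
    data: str
    encrypted: bool = False      # confidentiality protection on the wire
    authenticated: bool = False  # source authenticated / integrity protected


@dataclass(frozen=True)
class Threat:
    target: str
    category: str
    likelihood: int  # 1..5
    impact: int      # 1..5
    mitigation: str

    @property
    def risk(self) -> int:
        return self.likelihood * self.impact


def crosses_boundary(flow: Flow) -> bool:
    return flow.src.zone != flow.dst.zone


def enumerate_threats(elements, flows):
    """Apply STRIDE-per-element. Likelihood is a simple heuristic (assumption):
    exposure across a trust boundary raises it, an existing control lowers it."""
    threats = []
    for e in elements:
        exposed = any(crosses_boundary(f) for f in flows if e in (f.src, f.dst))
        likelihood = 4 if exposed else 2
        for c in APPLICABLE[e.kind]:
            threats.append(Threat(e.name, STRIDE[c], likelihood, e.impact, MITIGATION[c]))
    for f in flows:
        name = f"{f.src.name} -> {f.dst.name} ({f.data})"
        impact = max(f.src.impact, f.dst.impact)  # a flow is as valuable as what it touches
        for c in APPLICABLE["dataflow"]:
            likelihood = 4 if crosses_boundary(f) else 1
            if c == "I" and f.encrypted:      # encryption lowers disclosure likelihood
                likelihood -= 2
            if c == "T" and f.authenticated:  # integrity protection lowers tampering likelihood
                likelihood -= 2
            threats.append(Threat(name, STRIDE[c], max(likelihood, 1), impact, MITIGATION[c]))
    return threats


def prioritize(threats):
    """Highest risk first; ties broken by name so the ordering is stable."""
    return sorted(threats, key=lambda t: (-t.risk, t.target, t.category))


def build_sample_model():
    """Constructed toy system: browser -> login API in a DMZ -> user database."""
    browser = Element("Browser", "external", "internet", 1)
    api = Element("Login API", "process", "dmz", 3)
    db = Element("User DB", "datastore", "internal", 5)
    flows = [
        Flow(browser, api, "credentials", encrypted=True),
        Flow(api, db, "user records", authenticated=True),
    ]
    return [browser, api, db], flows


def risk_register(threats):
    """Render the prioritized threats as rows ready for a risk register."""
    return [f"{t.risk:>2}  {t.target:<40} {t.category:<22} mitigate: {t.mitigation}"
            for t in prioritize(threats)]


if __name__ == "__main__":
    elements, flows = build_sample_model()
    for row in risk_register(enumerate_threats(elements, flows)):
        print(row)
```

Run as a script it prints the ranked register for the toy system; the highest-rated rows are the unencrypted flow from the API into the user database and the database itself, which is the kind of finding that feeds back into the security requirements and architecture decisions mentioned above. Re-running after changing a flow's controls (for example, setting encrypted=True on the database flow) shows how the living model is updated as the system evolves.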
Related terms
Penetration Testing
A simulated cyberattack performed by security professionals to identify vulnerabilities in an organization's systems, networks, and applications. Penetration tests go beyond automated scanning by using the techniques and methodologies that real attackers employ.
Risk Assessment
A structured process for identifying, analyzing, and evaluating information security risks. Risk assessments determine the likelihood and potential impact of threats to an organization's information assets, guiding decisions about which controls to implement.
Risk Register
A structured document or database that records all identified risks, their assessment details (likelihood, impact, rating), assigned risk owners, selected treatment options, current control status, and residual risk levels. It serves as the central repository for an organization's risk management activities.
Secure Software Development
A methodology that integrates security practices throughout the entire software development lifecycle (SDLC), from requirements and design through coding, testing, deployment, and maintenance, ensuring that security is built into applications rather than added afterward.
Vulnerability Assessment
A systematic process of identifying, quantifying, and prioritizing security vulnerabilities in systems, networks, and applications. Unlike penetration testing, vulnerability assessments focus on discovering weaknesses rather than exploiting them.